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1, INTRODUCTION 

Beyond 2006, the 3GPP (third generation partnership project) introduced the second set of 4G/LTE 
cryptographic algorithms 128-EEA2 and 128-EEI2 for confidentiality and integrity respectively. This second 
set is based on the AES-128 (Advanced Encryption Standard) block cipher algorithm in CTR (Counter 
Mode) which provide confidentiality to EPS in LTE network [1]. The necessity of the confidentiality 
protected mode in LTE cryptographic algorithm EEA2 is to create a mask of data before encrypting it that 
will save time because it run quickly through using the bitwise operations. Based on study [2], AES-128 has 
drawbacks in its view design and need to improve. Apparently, AES-128 was released before more than a 
decade whereas the technology was changing year by year. So, with the recent new technology and emerging 
of huge applications like big data’s applications in addition to the applications have run with 64-bit and a lot 
of other applications, it has become a necessity for designing a new contemporary algorithm for the current 
demands. Especially young Rijndael that has faded and its sun had set as it has been believed by many 
researchers. Therefore, AES-128 can be replaced by HISEC lightweight block cipher algorithm to improve 
the security and decreasing the cost. 


2. LTE CONFIDENTIALITY ALGORITHM EEA2 

Ghizlane ORHANOU in 2010 inferred that the confidentiality protected mode is necessary in LTE 
cryptography algorithm EEA because there are some advantages of using this type of ciphering algorithm 
such as creating a mask of data before encrypting it which this operation is saving time in running time 
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through using bitwise operations[3]. In Figure (1) below represents the EEA in Encryption/Decryption 
operations [8]. 
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Figure 1. Encryption/Decryption Operation by using EEA [3]. 


The AES-128 algorithm encrypts each counter block that is obtained in 128 bits of keystream. And 
each counter block is divided into two parts, the most significant bits and the least significant bits of 64 bits 
in each. The most significant 64 bits are initialized, as presented before and the least significant 64 bits are 
initialized by setting zero value to all bits. The least significant 64 bits is part of the counter T is incremented 
by one mod 2™ to generate subsequent counter blocks, each result is formed in another 128 bits of keystream. 
[1)[3]. 

The role of AES-128 () function is to perform AES-128 encryption under the control of the 
confidentiality key. The TRUNC () function is responsible of truncating the final output of the operation of 
AES-128 encryption to the same length as the last plaintext block and then returning the most significant bits. 
The Figure (2) shows the EEA encryption/decryption mechanism. 
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Figure 2. EEA2 (Encryption/Decryption) Mechanisms. [1 ][3] 


3. OVERVIEW ON AES-128 ALGORITHM 

AES-128 is defined as a symmetric block cipher of 128-bit block size which includes three different 
key sizes (128 bits, 192 bits, or 256 bits). The 128-bit also called AES-128-128, the 192 bits are called AES- 
128-192, and the last 256 bits are called AES-128-256, as shown in Figure (3). [4] 
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Figure 3. Inputs/Outputs AES-128 Algorithm. [5] 
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The number of rounds is different according to AES-128 key length. Table | represents the size of 
key, size of block and the round number how they differ with different rounds: 


Table 1. Size of Key, Block and Round. [6] 
Key Length Block Size Number of Rounds 


(NK words) (Nb words) (Nr) 
AES-128 4 4 10 
AES-192 6 4 12 
AES-256 8 4 14 


Rijndael was chosen as the AES-128 in Oct 2000, and in Nov 2001 AES-128 was formally 
confirmed as the US federal standard .AES-128 algorithm performs the four primary functions are: 
e SubBytes() 
e ShiftRows() 
e MixColumns() 
e AddRoundKey() 


The internal structure of AES-128 is represented in Figure (4). 


SubBytes 


State 
Shifthows 


State 


MixCeluinmnns 


State 


AddRoundKey 





Figure 4. Internal Structure of AES-128. [7] 


4. PROPOSED LIGHTWEIGHT ALGORITHM (HISEC) 

HISEC used the same characteristics of PRESENT but different method for bit permutation. The 
structure of HISEC algorithm looks like the structure of feistel with some modifications [9] [10] [16]. The 
HISEC is constructed from sixty-four bits and eighty-bit size of the key and there are fifteen rounds in each 
round, there are operations like: Substitution box, Bit permutation, XOR, Rotation and key update. Moreover, 
there is XOR between the cipher text and key in the last round. The HISEC have four layers as following: 

e First Layer: in this layer, the 64-bit plaintext is XOR with the 64-bit key. The plaintext divides into 
two parts. Each part is 32-bit and the results after XOR of each part will be as inputs to the second 
layer (Substitution box). 

e Second Layer: this layer is the most important layer. It produces the confusion property and it gives 
the nonlinearity to the algorithm. It has 16 4-bit S-boxes and divides them into two parts, each part 8 
S-boxes. The output of this layer will be as inputs to the third layer (bit permutation). Also, this 
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layer uses one S-box and repeats it 16 times. The characteristics of the S-box are the same with good 
S-box. The values of S-box as shown in Table 2. 


Table 2. S-Box Values 
xX 2 3 4 5 6 T 8S 9 A B C 
9 8 6 


0 1 D E F 
SX) F C 2 7 0 5 A 1B E D3 4 


Third Layer: This layer produces the diffusion which is also important part for any strong encryption 
algorithm. This method of bit permutation applies on two sides and each side is 32-bit. 

Fourth Layer: this layer applies the rotation and XOR operations on both sides. First of all, rotate the 
left 32-bit and then XOR with right 32-bit. The result will keep in left 32-bit. The next step is to 
rotate the right 32-bit and XOR with new left 32-bit and the result will keep in right 32-bit. 

The key schedule details of updated key procedures in [18]. The Figure (5) shows all layers of 


HISEC in details. 


<P 


SECURITY DISCUSSION 


The important tool is cryptanalysis that it can measure the security of any algorithm. Differential, 


integral and boomerang attacks are applied in this paper for both algorithms (AES-128 and HISEC). 


5.1. Differential Cryptanalysis 


The minimum active S-box is the most robust way to check the resistance against differential attack 


[13] [14] [15]. Table 3 explains in term of different cryptanalysis that HISEC is safer than AES algorithm. 


Table 3. Active S-Box for (HISEC, AES-128) 


Algorithms Active S-boxes 
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HISEC [18] 17 43 96 124 166 


Shae 


x 
po - Le 


et ttt Tied ttl titi ti dtitit tilt 





Figure 5. All Layers Together in Details 
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5.2. Integral Cryptanalysis 

This another attack that the designer should consider it when he designs an algorithm. Building 
distinguisher table is the significant step in this attack. After building that table, it can know the round that 
attack can reach [14]. Table 4 shows the HISEC is stronger than AES-128 algorithm regarding of integral 
cryptanalysis. 


Table 4. Integral Attack for (HISEC, AES-128) 
Algorithms Maximum round 
AES-128 [17] m) 


5.3. Boomerang attack 

Knowing the active S-boxes number in every step is the first stage to amount this attack. While the 
second step is to calculating the prospect of recognizer of Boomerang attack. Depending on [15] [18], such 
attack can reach round 5 with probability of 2°. Moreover, we calculated the distinguisher probability of 
boomerang for AES-128 as following: 
e Inthe fourth round there are 25 active S-boxes and in the second round there are 5 active S-boxes. 
e Applying equation (1) in order to get the probability. 
e The ultimate probability is(((2~*) 2°) 7) x (((277) °) 2) = 27109 x 2729 = 27120, 

Table 5 shows the HISEC algorithm is more secure than AES-128 algorithm in the term of 
boomerang attack. 


Table 5. Maximum round of boomerang attack for HISEC and AES-128 algorithm 


No. Algorithms Maximum round Probability 
1. AES-128 6 paras 
2. HISEC 5 2 


6. COST DISCUSSION 
This cost is also significant part for designing algorithm. The cost calculation details in [16][17][18]. 
The Table (6) shows that the cost of HISEC algorithm is less cost than AES-128. 


Table 6. Cost for HISEC and AES-128 


Algorithm Plaintext Key S-box Cost 
HISEC [18] 64 80 16- 4bit 1694 GE 
AES-128 [20] 128 128 8 — 8bit 2400 GE 


7. CONCLUSION 

This paper tries to exchange AES-128 algorithm with HISEC algorithm. Also, the dissection of 
differential, integral and boomerang attacks are shown for AES-128 and HISEC against. The analysis showed 
that HISEC is more secure than AES-128 algorithms. Moreover, we calculated the cost of HISEC in GE and 
we compared it with AES-128 algorithm. The comparison showed that the cost of HISEC is less than AES- 
128 algorithm. Theoretically and from the results above, it can use lightweight block cipher algorithms to 
secure LTE/4G. Finally, this paper opens the door for deep research to use lightweight algorithms to secure 
LTE/4G. Our future works, implement the HISEC lightweight algorithm in hardware to verify the results. 
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